I agree with you for the 2.6.8.

Thank you!

On Mon, Sep 24, 2012 at 6:16 PM, Breno Silva <breno.silva@gmail.com> wrote:
Fixed in the trunk.
Thinking about release 2.6.8 with this and another small issue.

Thanks!

On Mon, Sep 24, 2012 at 9:50 AM, rm4dillo D <rm4dillo@gmail.com> wrote:
Hi,

I just discovered a bug while using the "ruleRemoveTargetById" action. When the action is used with multiple targets in a specific order: specific (like ARGS:test) followed by generic ones (like REQUEST_BODY, ARGS), the exception will not be applied to the simple targets (Cf. https://www.modsecurity.org/tracker/browse/MODSEC-333).

For example, if the action is used this way:
   ...ctl:ruleRemoveTargetByid=xxxxxx;ARGS:test,REQUEST_BODY...

the exception will work for "ARGS:test" but not for "REQUEST_BODY".

The workaround for this is to put generic targets ("ARGS", "REQUEST_BODY") before specific ones ("ARGS:test").


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/